editor's blog
Subscribe Now

Intentionally Fuzzy

All software has bugs; every system has some kind of vulnerability. And the canonical way of dealing with them is to fix the bugs or tighten the code to eliminate system weaknesses. And then we patch our systems, as anyone who has been late to the airport and has shut down their computer in a last-ditch effort to get out the door, only to have the computer say, “Updating 1 of 32… Please do not power down or unplug your computer,” can attest. (Because, when Windows decides it’s time to update, well, there’s not much in this universe that can out-prioritize that.)

Editorials aside, each of those patches required someone to find a problem, then figure out how to fix the problem, then actually fix it, and, finally, test to prove that the fix doesn’t do some other harm. And that all takes time. If the vulnerability is severe, then ne’er-do-wells could be out busily enjoying unfettered access to somewhere they’re not supposed to be while the hole is being plugged.

So, when it comes to security for important infrastructure like utilities and other industrial sites, you can’t wait for the fix. In fact, a fix might not even be forthcoming. Instead, you figure out what malevolent traffic might look like, and you block it. You’re not fixing the broken lock on the door to keep the burglar out; you’re simply putting a dog in front of the door to filter out the burglars.

This is the situation described to me by Wurldtech’s Greg Speakman and Nate Kube shortly after they announced that Siemens’s CERT lab had been certified on Wurldtech’s Achilles certification testing. Achilles is a test facility that includes “fuzzers” – tests that present equipment with traffic that is almost correct, but is mutated here or there. The idea is to see if such “nearly good” traffic can get in and cause an observable change in behavior (which might be benign or might have no deleterious effect unless sustained over time) or, worse yet, cause a system failure. They automatically create tests based on protocol standards and run those against their clients’ systems.

When issues are found, the signatures of the offending traffic enter their database and are used to strengthen the traffic filters. They claim to have found over 350 “0-days” for their clients. The oddly-named “0-day” refers to any vulnerability found by outsiders before the equipment company itself knows about it – they’ve had 0 days to respond to it.

That characterization makes sense for systems already out on the market, but apparently it still applies if a company contracts someone like Wurldtech to help with system validation before shipping the systems. The fact that the issue was found outside the company – even if at the company’s request, before any systems are shipped into the field – seems to qualify it as a 0-day (even though, if the equipment maker bought out the certification house or did similar testing in-house, then the same discovery would no longer be a 0-day).

You can find more on the recent Siemens certification in their release.

Leave a Reply

featured blogs
Sep 28, 2022
Learn how our acquisition of FishTail Design Automation unifies end-to-end timing constraints generation and verification during the chip design process. The post Synopsys Acquires FishTail Design Automation, Unifying Constraints Handling for Enhanced Chip Design Process app...
Sep 28, 2022
You might think that hearing aids are a bit of a sleepy backwater. Indeed, the only time I can remember coming across them in my job at Cadence was at a CadenceLIVE Europe presentation that I never blogged about, or if I did, it was such a passing reference that Google cannot...
Sep 22, 2022
On Monday 26 September 2022, Earth and Jupiter will be only 365 million miles apart, which is around half of their worst-case separation....

featured video

PCIe Gen5 x16 Running on the Achronix VectorPath Accelerator Card

Sponsored by Achronix

In this demo, Achronix engineers show the VectorPath Accelerator Card successfully linking up to a PCIe Gen5 x16 host and write data to and read data from GDDR6 memory. The VectorPath accelerator card featuring the Speedster7t FPGA is one of the first FPGAs that can natively support this interface within its PCIe subsystem. Speedster7t FPGAs offer a revolutionary new architecture that Achronix developed to address the highest performance data acceleration challenges.

Click here for more information about the VectorPath Accelerator Card

featured paper

Algorithm Verification with FPGAs and ASICs

Sponsored by MathWorks

Developing new FPGA and ASIC designs involves implementing new algorithms, which presents challenges for verification for algorithm developers, hardware designers, and verification engineers. This eBook explores different aspects of hardware design verification and how you can use MATLAB and Simulink to reduce development effort and improve the quality of end products.

Click here to read more

featured chalk talk

Clamping Down on Failure: Protecting 24 V Digital Outputs

Sponsored by Mouser Electronics and Skyworks

If you're designing IEC61131 compliant digital outputs for these PLCs or industrial controllers, you need to have a plan to protect these outputs from a variety of unknowns. In this episode of Chalk Talk, Amelia Dalton chats with Asa Kirby from Skyworks about an innovative new isolated smart switch device from Skyworks that gives you an unprecedented level of channel flexibility and protection, letting you offer customers a truly “set it and forget it” solution when it comes to your next PLC design.

Click here for more information about Skyworks Solutions Inc. Si834x Isolated Smart Switches